WiFi Privacy Flap Shows Google Does Not Respect EU, Reding Says

EU Justice Commissioner Viviane Reding said it "is not acceptable that a company operating in the EU does not respect EU rules" in response to Google's accidental collection of e-mail, browser data and passwords over WiFi networks with its Street View cars for the last three years. Johannes Caspar, the data protection supervisor for the city state of Hamburg in Germany, said he is giving Google until May 26 to hand over one of the hard drives that it had used to store information in Germany or he will consider fining the company.

Google continues to be under siege by regulators in Europe
for accidentally scooping citizens' data from WiFi networks, with the European
Union's justice commissioner claiming the company doesn't respect its rules.
The search engine May 14 admitted that its Street View Cars, which shoot pictures of
streets and locales all over the world as a feature of Google Maps, had
unwittingly captured 600GB of peoples' "payload data" from unsecured
WiFi networks.

This includes e-mail, passwords and browsing habits culled from WiFi
networks in the United States,
Germany, Britain,
Ireland, France,
Brazil and Hong
Kong over the last three years.

That the company said it did not use this data and is working with the
affected countries to delete it was of little consolation to regulators in Europe,
which along with U.S.
regulators may investigate the company more fully for the sustained
transgression against user privacy.
Viviane Reding, Justice Commissioner for the European Union in Brussels,
said in a statement sent to eWEEK May 18 that it "is not acceptable that a
company operating in the EU does not respect EU rules."
Reding added that she reminded Google co-founder Larry Page during a meeting
last June that all companies that operate in the EU must abide by the European
Union's high standards of data protection and privacy.
She noted that the processing of personal data by Google Street View falls
within the scope of the Data Protection Directive 95/46/EC and is therefore
subject to its provisions.
The fire burns hotter under Google elsewhere in Europe.
Johannes Caspar, the data protection supervisor for the city state of
Hamburg in Germany, told
the New York Times May 18 that it is giving Google until May 26 to hand
over one of the hard drives that it had used to store information in Germany or
he will consider fining the company.
"Up until now, all we have to go on at this point is what Google has
told us that they have collected," Caspar told the Times. "But until
we can inspect one of the hard drives ourselves, we will not know to what
extent what kinds of data have actually been stored."
Street View is not yet available in Germany,
ratcheting up the pressure on privacy watchdogs such as Caspar to save face by
pushing Google hard for the data. Caspar said he could impose fines on
the company and could ask the state prosecutor in Hamburg
to consider bringing charges against Google for "improper collection of
private data."
Meanwhile, the UOOU, the Czech data protection agency, launched an
administrative investigation into Google's practices, according to the Financial Times. The FTC may also open an inquiry into Google's admittance of data harvesting.
Google explained the WiFi data collection in this blog post May 14, but declined to add anything about the threats
of action against the company when contacted by eWEEK May 18. "We don't
have anything to add beyond what we've said in our blog post. We're continuing
to have discussions with the relevant authorities," a spokesperson said.
Part of those discussions involve how best to go about deleting the data,
and progress has already been made in Ireland, where Alex Stamos, partner for
iSEC Partners, said he oversaw the physical destruction of four hard drives
that housed payload data Google collected in Ireland.
"We can confirm that all data identified as being from Ireland
was deleted over the weekend in the presence of an independent third
party," wrote Alan Eustace, senior vice president of engineering and
research at Google.
"We are reaching out to Data Protection Authorities in the other
relevant countries about how to dispose of the remaining data as quickly as
possible."